Privacy & Security
While the organization's website is now accessible, along with some "read-only" medical records, its patient portal is still down.
This week's top stories include a cyberattack that led to a network outage at Scripps Health, the HRSA telling six drugmakers they're in violation of the 340B statute and Google giving a sneak peek into its new AI dermatology assistant.
Conservative individuals were less supportive of using digital data to mitigate transmission than moderate or liberal ones.
In this episode of HIT Cybersecurity, attorney Wynter Deagle, partner at Troutman Pepper, discusses what health systems should be thinking about in terms of incident response, cyber insurance and other compliance questions.
The cyber risk platform Black Kite released a new report this week finding that one in 10 global pharmaceutical manufacturers are at a high risk of suffering a ransomware attack.
The report, published on Tuesday, evaluated the cybersecurity posture of the 200 largest global pharmaceutical companies and 166 associated third-party vendors.
"We have seen how ransomware attackers can shut down a gasoline pipeline in the past week. Imagine if a ransomware attack halted a manufactured COVID-19 vaccine hostage or stopped the production of vital chemotherapy drugs,” said Bob Maley, Black Kite’s chief security officer, in a statement.
WHY IT MATTERS
Billions of people worldwide rely on the pharmaceutical industry, sometimes for daily medications.
"An interruption in manufacturing lifesaving drugs or therapies would be catastrophic for many. A cyberattack on a pharmaceutical company could mean life or death for consumers," noted the Black Kite report.
The organization used open-source intelligence sources, in combination with machine learning, to evaluate companies' susceptibility to ransomware attacks on a scale of 0.0 to 1.0.
Nearly 10% of companies were over what Black Kite considers a "critical" threshold of 0.6, indicating high susceptibility.
Medium-sized pharmaceutical companies had the highest average susceptibility.
Security issues included out-of-date systems, phishing vulnerability, publicly visible critical ports, credentials in lists shared on the deep web and past data breaches.
Vendors are also vulnerable: 12.2% of IT solutions are above the critical threshold, and nearly 5% of software vendors are – but the report flagged data management vendors as the riskiest.
"The people you do business with matters, more so now than ever," said Maley in the report. "Supply chain continuity is everyone's responsibility, especially amidst today's evolving cyber landscape.
"That said, your risk management obligations are never entirely fulfilled, not even after you've achieved a 'good' cyber rating. Your suppliers, partners, vendors and third parties all open other gateways to your network," he added.
So what makes pharma such a rich target? The report outlined several reasons, including digital transformation, data access, widely adopted medical technology and complex supply chains.
"The pharmaceutical industry is the world’s third-largest industry, following the finance and e-commerce sector. With a predicted compound annual growth rate of 13.7% through 2027, it's no secret that pharmaceutical organizations will become a more valuable target to cyber criminals," read the report.
THE LARGER TREND
As Maley mentioned, ransomware attacks have been in the news since they led to the shutdown of the Colonial Pipeline earlier this month.
But for the healthcare industry, they're nothing new. Just this week, Scripps Health marked two weeks of a network outage following what was reported to be a ransomware attack – while Ireland's national health service faced a shutdown of its own.
And when it comes to the pharmaceutical supply chain, one major effort stands out: the COVID-19 vaccine. Experts have warned that the process of manufacturing and distributing the vaccines presents a number of vulnerabilities – and hackers have already begun to take aim.
ON THE RECORD
"Billions across the globe rely on pharmaceutical manufacturers. Ransomware attacks on 10% of the globe’s pharmaceutical companies could have an immense impact," said Maley.
Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.
Rita Bowen, vice president of privacy, compliance and HIM policy at MRO, discusses how the changes could affect healthcare provider organizations.
Meanwhile, Ireland's national health service is continuing to grapple with outages of its own following a ransomware incident.
HIMSS21
Attendees, exhibitors, speakers and staff will need to verify that they're fully vaccinated to gain entry to the HIMSS21 campus in Las Vegas. HIMSS will offer more guidance soon on proof and validation, including potential digital apps.
Cybersecurity expert Thanos Drougkas explains how COVID-19 has changed the threat landscape around smart hospitals - and how administrators should respond to potential attacks.
Ireland’s health service IT system has been shut down as a precautionary measure, following a cyber attack today.
The Health Service Executive (HSE) believes the attack is by international criminals attempting to extort money, although no demand has yet been received.
HSE confirmed there had been “a significant ransomware attack on the HSE IT systems” and it had closed down systems “to protect them from this attack and to allow us fully assess the situation with our own security partners.”
Irish health minister Stephen Donnelly said the attack was having “a severe impact” on health and social care services, but emergency services and the National Ambulance Service were still in operation.
WHY IT MATTERS
Ransomware is malicious software that encrypts files on a computer system.
The attack has caused health services to temporarily return to paper-based systems, leading to delays and cancellations to patient services.
Hospitals affected include the Rotunda Maternity Hospital and the National Maternity Hospital in Dublin, which have both reported significant disruption to services, as they are unable to access electronic records.
The UL Hospitals group warned of long delays for patients. In a statement on Twitter it said it was “largely operating manual back-up systems” and delays would continue “until such time as patient information, diagnostic reporting and other affected IT systems are secure and operational.”
COVID-19 vaccinations and tests will continue, but the registration portal for vaccinations and the testing referrals system have been shut down.
THE LARGER CONTEXT
The attack comes four years after the WannaCry virus attack, which affected more than 200,000 computers in 150 countries worldwide. It caused disruption to around 81 NHS trusts and more than 600 primary care organisations in England.
More recently, the outsourcing firm behind NHS Test and Trace, Serco, confirmed that parts of its infrastructure in mainland Europe had experienced a double extortion ransomware attack from cybercriminals.
In February, French insurance company Mutuelle Nationale des Hospitaliers (MNH) suffered a ransomware attack that disrupted the company's healthcare operations.
Last year, the Vastaamo therapy centre in Finland was targeted by attackers who obtained medical records from patient therapy sessions.
Cybersecurity expert Saif Abed, founding partner of AbedGraham, told Healthcare IT News about the threat cyber-attacks pose during mass vaccination programmes.
ON THE RECORD
The EU Agency for Cybersecurity (ENISA) said: “We firmly condemn this malicious behaviour in the midst of a health crisis. We are following the ongoing situation and possible developments closely with the authorities and at EU level with the CSIRTs Network.
“The health sector is regarded as a vulnerable sector to cyber incidents and crises. In the ENISA Threat Landscape report, it was found that more than 66% of healthcare organisations experienced a ransomware attack in 2019.
“In 2019, 45% of attacked organisations paid the ransom. Of the 45% of organisations that were attacked and paid the ransom, half still lost their data.
“In relation to the COVID-19 pandemic, hospitals/labs/healthcare organisations have been prime targets for cybercrime related attacks. For example, hospitals in France and Czechia have been targeted.”
Brian Honan, CEO of Dublin-based cybersecurity firm BH Consulting, said: “Ransomware has over the past few years rapidly become a scourge that has impacted organisations all over the globe. Criminals have also deliberately targeted healthcare organisations during the pandemic as they are so critical in the fight against COVID19. High profile attacks like this, and indeed the attack against Colonial Pipeline, will hopefully serve as a wakeup call to governments that cybercrime is a serious threat to our society and way of life and needs to be dealt with accordingly.”
Robert Golloday, an EMEA and APAC director at cybersecurity firm Illusive, said: “This attack against HSE is the latest confirmation of how the professional-scale hack-for-ransom threat is spreading rapidly. Among other institutions, these groups are targeting hospitals and other healthcare providers, most likely because of the value of the personal information their servers hold.”
George Daglas, chief operations officer at computer security service Obrela Security Industries, said: “Ransomware is a particularly vicious threat because it is a double-extortion. Attackers are able to leak an organisation’s data, which also holds the organisation at ransom, putting the organisations and their customers, or in this case patients, in a very dangerous position.”
The story was updated at 17.15 BST